tags:

views:

105

answers:

2
Q: 

Ensuring an assembly is called via a specified assembly

Is there any built in functionality to determine if an assembly is being called from a particular assembly?

I have assembly A which references assembly B. Assembly A exposes PowerShell cmdlets and outputs types that are found within B. Certain methods and properties with in types of exposed by B are of interest to types in assembly A but not of interest to consumers of PowerShell or anyone attempting to load types in B directly and call methods within it.

I have looked into InternalsVisibleToAttribute but it would require extensive rework because of the use of interfaces. I was devising a shared key system that would later be obfuscated but that seemed clunky.

Is there any way to ensure B is called only by A?

+1  A: 

i think InternalsVisibleToAttribute is best option. Another option checking of Assembly.GetCallingAssembly

Andrey  2010-05-17 21:08:29
+3  A: 

You'd use a Strong Name key on your assemblies to do this.

First make sure the calling assembly (assembly A) is strong name signed (this can be done in the project properties screen under the Signing tab)

The following code will retrieve the strong name key from the calling assembly.

internal static StrongName GetStrongName(Evidence evidence)
{
    foreach (var e in evidence)
    {
        if (e is StrongName)
        {
            return (StrongName)e;
        }
    }
    throw new ArgumentException();
}

The easiest way would be to sign both assemblies with the same StrongName, then verify that Assembly.GetCallingAssembly().Evidence and Assembly.GetExecutingAssembly().Evidence are signed by the same StrongName.

var callerKey = GetStrongName(Assembly.GetCallingAssembly().Evidence).PublicKey;
var execKey = GetStrongName(Assembly.GetExecutingAssembly().Evidence).PublicKey;

if (callerKey != execKey)
{
    throw new UnauthorizedAccessException("The strong name of the calling assembly is invalid.");
}

This might be impractical to implement over an existing codebase, but take a look at LinFu AOP, you should be able to implement an attribute that can be attached to classes that need to be checked for a valid caller.

Kevin McKelvin  2010-05-17 21:55:01

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?